cve/2024/CVE-2024-49855.md

### [CVE-2024-49855](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49855)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2895f1831e911ca87d4efdf43e35eb72a0c7e66e%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.19%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5171ef20bae852ff38f4cfdb368bcdcc744776d0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=cdf62c535a9bfd5ff0eef4b91669da39d8abc0c3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:nbd: fix race between timeout and normal completionIf request timetout is handled by nbd_requeue_cmd(), normal completionhas to be stopped for avoiding to complete this requeued request, otheruse-after-free can be triggered.Fix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantimemake sure that cmd->lock is grabbed for clearing the flag and therequeue.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds